Lucene search
+L

118 matches found

osv
osv
added 2022/06/09 4:15 a.m.7 views

CVE-2022-25805

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. The transmission of cleartext LDAP bind credentials by the cmdmgtloadmgttree command allows an attacker who can intercept or inspect traffic between an authenticated UMS client and server to compromise those LDAP bind...

6.5CVSS5.8AI score0.00555EPSS
Exploits1References2
cvelist
cvelist
added 2022/06/09 12:45 a.m.37 views

CVE-2022-25805

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. The transmission of cleartext LDAP bind credentials by the cmdmgtloadmgttree command allows an attacker who can intercept or inspect traffic between an authenticated UMS client and server to compromise those LDAP bind...

6.7AI score0.00555EPSS
Exploits1References2
cnnvd
cnnvd
added 2022/06/09 12:0 a.m.6 views

IGEL Universal Management Suite 信任管理问题漏洞

The IGEL Universal Management Suite IGEL UMS is a single management solution from IGEL Germany. It can be used for up to tens of thousands of endpoints running IGEL OS. A security vulnerability exists in IGEL Universal Management Suite UMS version 6.07.100, which stems from a hard-coded DES key...

5.5CVSS5.7AI score0.00295EPSS
Exploits1References3
osv
osv
added 2021/12/08 12:15 p.m.5 views

CVE-2021-32591

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the...

5.3CVSS6.1AI score0.00902EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2021/12/08 12:0 a.m.5 views

PT-2021-19797 · Fortinet · Fortimail +3

Name of the Vulnerable Software and Affected Versions: FortiSandbox versions prior to 4.0.1 FortiWeb versions prior to 6.3.12 FortiADC versions prior to 6.2.1 FortiMail versions 7.0.1 and earlier Description: A missing cryptographic steps issue in the function that encrypts users' LDAP and RADIUS...

5.3CVSS5.2AI score0.00902EPSS
Exploits0References3
nvd
nvd
added 2021/10/01 3:15 p.m.30 views

CVE-2021-3825

On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials...

9.6CVSS0.01569EPSS
Exploits1References3
cvelist
cvelist
added 2021/10/01 2:36 p.m.22 views

CVE-2021-3825 Missing Authorization Checks in LiderAhenk

On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials...

9.6CVSS9.4AI score0.01569EPSS
Exploits1References3
cve
cve
added 2021/10/01 2:36 p.m.41 views

CVE-2021-3825

CVE-2021-3825 affects the Lider module of LiderAhenk software, specifically versions 2.1.15 and earlier. The root issue is leakage of configurations via an unsecured API, which can expose valid LDAP credentials to anyone with access to the configurations API. This creates a risk of unauthorized a...

9.6CVSS9.3AI score0.01569EPSS
Exploits1References3Affected Software1
nessus
nessus
added 2021/06/10 12:0 a.m.99 views

Dell EMC NetWorker Multiple Vulnerabilities (DSA-2021-104)

The version of Dell EMC NetWorker installed on the remote Windows host is prior to 19.4.0.2. It is, therefore, affected by multiple vulnerabilities: - Dell EMC NetWorker 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the...

8.2CVSS5.4AI score0.0025EPSS
Exploits0References3
nvd
nvd
added 2021/06/08 6:15 p.m.21 views

CVE-2021-21558

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the...

8.2CVSS0.0025EPSS
Exploits0References1
prion
prion
added 2021/06/08 6:15 p.m.24 views

Information disclosure

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the...

2.1CVSS4.5AI score0.0025EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2021/06/08 6:5 p.m.29 views

CVE-2021-21558

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the...

8.2CVSS6.1AI score0.0025EPSS
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2021/02/16 12:0 a.m.4 views

VulnCheck KEV: CVE-2018-13374

Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server...

4.3CVSS7.4AI score0.38088EPSS
Exploits3References1
nvd
nvd
added 2020/08/11 6:15 p.m.24 views

CVE-2020-13175

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 v15 and earlier for Cloud Access Connector contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials...

7.5CVSS7.5AI score0.01672EPSS
Exploits0References1
osv
osv
added 2020/08/11 6:15 p.m.3 views

CVE-2020-13175

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 v15 and earlier for Cloud Access Connector contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials...

7.5CVSS7.2AI score0.01672EPSS
Exploits0References1
prion
prion
added 2020/08/11 6:15 p.m.18 views

Remote file inclusion

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 v15 and earlier for Cloud Access Connector contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials...

5CVSS7.5AI score0.01672EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2020/08/11 5:40 p.m.22 views

CVE-2020-13175

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 v15 and earlier for Cloud Access Connector contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials...

7.5AI score0.01672EPSS
Exploits0References1
openvas
openvas
added 2020/07/24 12:0 a.m.26 views

Liferay Portal <= 7.1.3, 7.2.x <= 7.2.1 Multiple Vulnerabilities

Liferay Portal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:liferay:liferayportal"; if...

8.8CVSS7.8AI score0.01778EPSS
Exploits0References3
osv
osv
added 2020/04/30 10:15 p.m.5 views

CVE-2020-5890

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace...

5.5CVSS6.1AI score0.00455EPSS
Exploits0References1
nvd
nvd
added 2020/04/01 10:15 p.m.18 views

CVE-2020-1958

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based...

6.5CVSS6.4AI score0.04565EPSS
Exploits0References8
Rows per page
Query Builder